The newest phase in the fight for digital/intellectual property rights involves the recent Digital Rights Management software from Sony. Apparently, Sony’s “protected” audio CDs have been installing a “rootkit” onto your computer, and opening up your computer to yet more malicious software on the Internet (as if it isn’t bad enough already without a Sony rootkit). There are a couple of things I want to say about this – first, a short description of exactly what the problem is; and secondly, a look at the ethical/moral implications of this situation. (All you Computer Science professors out there: this is a very good case study if you are teaching a class on Software Ethics.)

So, what exactly happened? Sony, along with many other music companies, has been brainstorming up ways to prevent people from copying audio CDs. This is mostly a reaction to the Napster phenomenon from the turn of the millennium, but also to continued audio piracy. Sony’s solution to the problem has been the sale of protected CDs that put software on a device that identifies the CD as legitimate and allows playback. The software that Sony CDs have been installing onto computers around the world is flawed and has opened up countless computers to new trojans and other malicious software. Sony has since released patches that “remove” the flawed code, although the updated software seems to be equally flawed.

What are the ethical implications? First, and foremost, Sony has been installing software on computers without the informed consent or knowledge of its general user base. While this is bad enough, Sony has been installing a “rootkit” onto your computer – a program that has administrative access to everything on your computer, and hides certain files. Even granting Sony the benefit of the doubt, this is simply poor decision-making and poor programming. To make matters worse, they’ve used allegedly plagiarized code. Sony, as a leader among their competition, should be excelling in all of these areas using honest, open, and transparent means. A company such as Sony should be at the forefront of developing software and/or hardware that is easy to use, SAFE, and effective, not software that is deceptive and dangerous.

One more thing to say before I’m done venting… In response to RIAA president Cary Sherman’s following statement at a recent press conference:

“The problem with the SonyBMG situation is that the technology they used contained a security vulnerability of which they were unaware. They have apologized for their mistake, ceased manufacture of CDs with that technology, and pulled CDs with that technology from store shelves. Seems very responsible to me. How many times that software applications created the same problem? Lots. I wonder whether they’ve taken as aggressive steps as SonyBMG has when those vulnerabilities were discovered, or did they just post a patch on the Internet?”

People generally know that software that they install may contain bugs, and there is a user end license agreement that specifies the terms of those situations. An audio CD that you want to listen to is not equatable to general software installation.